Cyberattacks targeting global maritime operations have surged, with over 100 incidents linked to nation-state actors, ransomware groups, and hacktivists, according to new findings from cybersecurity firm Cyble. As maritime cyberattacks surge amid rising geopolitical tensions, adversaries are exploiting critical weaknesses in ships, ports, and offshore systems, forcing the industry to confront resilience and visibility gaps. […]
Hackers used an SAP flaw to breach a U.S.-based chemicals company’s network in April 2025, exploiting a now-patched vulnerability in SAP NetWeaver. The attackers deployed the Auto-Color backdoor on Linux systems over a three-day period, gaining unauthorized access and attempting to download suspicious files. The intrusion involved direct communication with malicious infrastructure linked to the […]
Microsoft unveiled a multi-layered security framework to address rising threats from indirect prompt injection attacks on generative AI systems. In a detailed strategy, Microsoft unveils AI defenses that combine hardened prompts, detection tools, and mitigation layers to safeguard large language model (LLM) applications in enterprise settings. These attacks, which embed malicious instructions within external data, […]
A cybercrime group known as Lionishackers has rapidly gained notoriety for infiltrating corporate databases and marketing stolen information on dark web forums and Telegram. Primarily targeting organizations in Asia, the group uses automated SQL injection tools to breach vulnerable systems. Lionishackers sell stolen data directly, bypassing traditional ransomware tactics in favor of monetizing raw records. […]
Advanced persistent threat groups have escalated cyberattacks on the maritime industry, exploiting its global trade significance to deploy ransomware. APT hackers target ships through a blend of espionage and destructive tactics, aiming to cripple operations and demand ransom. Analysts have tracked over 100 attacks on maritime and shipping firms in the past year, marking a […]
A critical CrushFTP Zero-Day Flaw has exposed servers to unauthenticated remote code execution, security researchers warned this week. Tracked as CVE-2025-54309 and scoring 9.8 on the CVSS scale, the vulnerability stems from improper request handling by CrushFTP’s DMZ proxy, which fails to enforce authentication on sensitive admin endpoints. Attackers can exploit this flaw by sending […]
Palo Alto Networks has announced plans to acquire identity security firm CyberArk in a $25 billion deal, marking its largest acquisition to date. With this move, Palo Alto buys CyberArk to strengthen its capabilities in identity security, a rapidly growing segment within the cybersecurity sector. The acquisition signals Palo Alto Networks’ strategic shift beyond its […]
Hackers are actively exploiting a critical vulnerability in the popular WordPress theme “Alone – Charity Multipurpose Non-profit” to gain control of websites. The flaw, identified as CVE-2025-5394, holds a severity rating of 9.8 on the CVSS scale. Threat actors are using it to upload arbitrary files, allowing them to install unauthorized plugins and seize full […]
Cybersecurity researchers at Avast have released a free decryptor for the FunkSec ransomware, allowing victims to recover encrypted files without paying a ransom. Gen Digital confirmed the tool’s release after collaboration with law enforcement, marking a turning point in the fight against the malware strain. With the FunkSec ransomware defeated, the team determined the threat […]
A critical security flaw in Base44, the AI-powered vibe coding platform recently acquired by Wix, exposed private enterprise applications to unauthorized access. The Base44 hack exposes private app access by allowing attackers to exploit a logic flaw using publicly available app IDs, bypassing authentication even for apps protected by Single Sign-On. Wiz Research identified the […]
The Qilin ransomware gang has introduced a new legal support service for its affiliates, marking a troubling shift in cybercrime tactics. The move, first revealed on a Russian-language darknet forum in June 2025, shows how Qilin Ransomware Gains Edge by combining technical extortion with legal intimidation. This strategy targets victims’ fears of regulatory penalties and […]
Rising tensions between Thailand and Cambodia have taken a digital turn, as cybercrime stokes Thai-Cambodian conflict beyond traditional political and territorial disputes. A surge in online scams, allegedly orchestrated from within Cambodia’s borders, has drawn sharp criticism from Thai authorities, who link the cybercriminal activity to broader regional instability. Investigations reveal that call centers and […]